IETF Logo Mail Archive

Re: [Last-Call] LC feedback on draft-ietf-6man-rfc6874bis

Brian E Carpenter <brian.e.carpenter@gmail.com> Tue, 13 September 2022 01:34 UTC

Return-Path: <brian.e.carpenter@gmail.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60700C15256F; Mon, 12 Sep 2022 18:34:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k3oOQu71zlme; Mon, 12 Sep 2022 18:34:13 -0700 (PDT)
Received: from mail-pl1-x62c.google.com (mail-pl1-x62c.google.com [IPv6:2607:f8b0:4864:20::62c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21A49C15256E; Mon, 12 Sep 2022 18:34:13 -0700 (PDT)
Received: by mail-pl1-x62c.google.com with SMTP id 9so10256495plj.11; Mon, 12 Sep 2022 18:34:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:in-reply-to:cc:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date; bh=FpyvotVT+Nq+MbFufmIwNuTAhYZ38ptGfB8ENU9vzTY=; b=fqLrE5y50LlcgHkDc1bXieZdT39YERQeHifqUTT6RaxYedJoAiwwDHqBrPKoalxiqV LNl7bA1RcTmhzlNjGXiu8MVRtOIfSkZOJygwe13Rd86FT2Sh3jycdnuyeH3KuxM+nB0B HArZBF8mj9wxm3i+ZZplBTbvKdrg8a1EntZhKL9hzBTJmk98e/3y70FMqV0H6uHCUdq1 k/9EJp9hnK47RtTs4YsZv+9hFnBkcq0g62VoX274HwKh2GtxPGgXrZsX/WggyhnKykQq YX4An5qbI1xF9gNDJ3Rg4uNABs94JpNhPpyXwLw6N1Db25RNPYWw9wYUwIgrifAeU9+i mDGw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:cc:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date; bh=FpyvotVT+Nq+MbFufmIwNuTAhYZ38ptGfB8ENU9vzTY=; b=34PQShMxRkUaAjPx7ytou0A7UGfQCO0WceRVhcYENespKYtc/JGvpgT9+/mRsmiilY UZ6+Mm2pruqAvJ2lZEuhFtWwcgB0/rVlQF5H6RGqIfjfEaysTuAs1RsTTf2dcr9uyXzv Pcb+52OltSqbqen6vOWonB8q5BFSQDSzfdIfZkoy/McTBxKzkyey+rv4R1N6IOZEkYBk At1xgemUiktPftY8BWwFflaN0yHv69ePAsbZ22JdnZug84HhC9dpQ23R4GjVU4xeoKB3 3ar9aUczezdsPn9GKocmKFAcoKY4DV8vuiBLE5UgVB6ZryB6r4GfZMg8jFRIeXAKLZmi gohQ==
X-Gm-Message-State: ACgBeo1GO9uqL9NsbEtK5ye0FrcyZCXVhaoNB14xnehb7MR0OCVMagz3 t4fjB0dhPcw+w0FlZ4dXLI4hDdlKsSIZdQ==
X-Google-Smtp-Source: AA6agR6BP3IwzMtXAlkSUcxDj4nKvPOOH9T0UYa9Y7/fstcnpCdSpkWY0c/cfeaVC//n3omKsUI45g==
X-Received: by 2002:a17:902:ce85:b0:178:2402:1f7d with SMTP id f5-20020a170902ce8500b0017824021f7dmr12060731plg.81.1663032852103; Mon, 12 Sep 2022 18:34:12 -0700 (PDT)
Received: from ?IPV6:2406:e003:1124:9301:80b2:5c79:2266:e431? ([2406:e003:1124:9301:80b2:5c79:2266:e431]) by smtp.gmail.com with ESMTPSA id i68-20020a626d47000000b0053bbaab3511sm6464591pfc.172.2022.09.12.18.34.09 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 12 Sep 2022 18:34:11 -0700 (PDT)
Message-ID: <1848bd6d-2dca-64cd-294d-bf9e6a90b7eb@gmail.com>
Date: Tue, 13 Sep 2022 13:34:06 +1200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.10.0
Content-Language: en-US
To: last-call@ietf.org, Mark Nottingham <mnot@mnot.net>
References: <40B9FB29-01E1-49CF-A3C9-A788B1A1C233@mnot.net>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Cc: 6man <ipv6@ietf.org>
In-Reply-To: <40B9FB29-01E1-49CF-A3C9-A788B1A1C233@mnot.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/g2oCCB4vlLxZ-CNWYDdo_SZS-Ic>
Subject: Re: [Last-Call] LC feedback on draft-ietf-6man-rfc6874bis
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Sep 2022 01:34:17 -0000

On 13-Sep-22 12:00, Mark Nottingham wrote:
> Hello,
> 
> I appreciate the effort that the authors and WG have put into this document, and I don't have any substantial technical issues with the document as written (although I have not reviewed it deeply).
> 
> That said, the IESG needs to consider this publication carefully. The targeted implementers (web browsers) have very clearly said they will not be implementing. From their issue of record:

Mark, that was then. People are now beginning to wake up to the fact that this is actually wanted by quite a lot of ops and support staff. It will change (the status as a Firefox "defect" has recently changed to "enhancement", for example) and the reason we need this on record as an RFC is so that, as the need becomes compelling, there will be an unambiguous basis for all implementers.

>> Overall, our internal consensus is that <zone_id>'s are bonkers on many grounds - the technical ambiguity (and RFC 6874 doesn't really resolve the ambiguity as much as it fully owns it and just says #YOLOSWAG) - and supporting them would add a lot of complexity for what is explicitly and admittedly a limited value use case.

That's OBE. And there isn't any technical ambiguity that I'm aware of. (What may be confusing is that the "zone identifiers" are utterly non-standardised beyond being an ASCII string, so there is no way for a parser to validate them; only the o/s can do that.)


> -- <https://www.w3.org/Bugs/Public/show_bug.cgi?id=27234#c2>
> 
> And, in their URL specification:
> 
>> Support for <zone_id> is intentionally omitted.
> 
> -- <https://url.spec.whatwg.org/#host-representation>
> 
> This is not just a question of getting them interested, nor one of resourcing. As their discussion points out, there are likely a number of additional security and user interface issues which would need to be addressed.

It's unclear that any of those issues remain in the bis. There were certainly issues of that kind in RFC6874 itself.

> The Shepherd Writeup says that has been circulated with the W3C TAG, the HTTP WG, and the ART area.
> 
> The TAG review was requested less than an hour ago:
>    https://github.com/w3ctag/design-reviews/issues/774
> 
> At a minimum, the IESG should allow that process to complete. Given the size of their queue, this may take some time.
> 
> In the HTTP WG, I only see two relevant messages:
>    https://www.w3.org/mid/CAPxZtjHf29s-b8M68uAcphpznbqBhjgfw0EYZHi__0DitE-i6Q@mail.gmail.com
> I wouldn't characterise this as a review.
> 
> I couldn't find any relevant messages on the ART list in the last two years. If I've missed something in either case, pointers would be appreciated.

It's been raised in DISPATCH more than once, most recently during the 6MAN adoption call in February 2022. I don't recall that anyone in DISPATCH suggested raising it on ART or HTTP. I thought that's what IETF Last Call was for, anyway.

> 
> The questions that I think the IESG needs to address in evaluating this document are:
> 
> 1. Should we be publishing a document where there is zero demonstrated implementation interest, and furthermore significant implementer concerns (as outlined above)?

Those concerns are what prompted this bis document to be written. The whole point of specifying it now is to avoid divergent implementations when the need is recognised.

If it had been as easy a fix for Firefox as it turned out to be for wget, I'd have implemented it myself. But in any case, it's now on for Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=700999#c94

(It's a two-line fix in wget. Sadly, the Firefox parsers (plural) are too complex for ordinary mortals to patch in a reasonably short time.)

> 2. Should lower-layer WGs be documenting how higher-layer protocols actually use the lower layer constructs, without buy-in or substantial review from those higher layer communities?

Yes, because if we don't nobody else will. And we've exposed this work to review both via DISPATCH and over at WHATWG (https://github.com/whatwg/url/issues/392#issuecomment-873744002), not to mention on the issue trackers for both Firefox and Waterfox.

> 3. If so, what precedent does that set for the network determining how applications use it? Here, I'm particularly concerned about the struggles regarding security and privacy between the layers.

I don't see any kind of precedent here. The tail sometimes wags the dog, but I am at loss to see which is the tail and which is the dog in this case.

As far as we're aware of any *new* security or privacy issues, they're discussed in the draft. Substantive comments are of course welcome.

> 4. Given the above, will publishing this document impact the IETF's credibility/legitimacy in the eyes of browser implementers and other communities?

Yes. It will show that we admit and fix our mistakes.

    Brian

> 
> Cheers,
> 
> 
> --
> Mark Nottingham   https://www.mnot.net/
>

v2.23.0 | Report a Bug | By Email